About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

Impact: A malicious app may be able to access notifications from other iCloud devices

Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service.

Impact: An attacker may be able to determine Wi-Fi networks a device has previously accessed

Description: Upon connecting to a Wi-Fi network, MAC addresses of previously accessed networks may have been broadcast. This issue was addressed by broadcasting only MAC addresses associated with the current SSID.

CVE-ID

CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)

CloudKit

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: A malicious application may be able to access the iCloud user record of a previously signed in user

Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling.

CVE-ID

CVE-2015-3782 : Deepkanwal Plaha of University of Toronto

CoreMedia Playback

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

CVE-ID

CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team

groff

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: Multiple issues in pdfroff

Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff.

CVE-ID

CVE-2009-5044

CVE-2009-5078

ImageIO

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking.

CVE-ID

CVE-2015-5758 : Apple

ImageIO

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: Visiting a maliciously crafted website may result in the disclosure of process memory

Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue was addressed through improved memory initialization and additional validation of PNG and TIFF images.

CVE-ID

CVE-2015-5781 : Michal Zalewski

CVE-2015-5782 : Michal Zalewski

Install Framework Legacy

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: A malicious application may be able to execute arbitrary code with root privileges

Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management.

CVE-ID

CVE-2015-5784 : Ian Beer of Google Project Zero

Install Framework Legacy

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking.

CVE-ID

CVE-2015-5754 : Ian Beer of Google Project Zero

IOFireWireFamily

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: A local user may be able to execute arbitrary code with system privileges

Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.

CVE-ID

CVE-2015-3803 : TaiG Jailbreak Team

Kernel

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: A local user may be able to execute unsigned code

Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.

CVE-ID

CVE-2015-3802 : TaiG Jailbreak Team

CVE-2015-3805 : TaiG Jailbreak Team

Kernel

Available for: OS X Yosemite v10.10 to v10.10.4

Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges

Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling.
